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IN THE CLAIMS: 

Please reconsider the claims as follows: 

LISTING OF THE CLAIMS: 

1 . (currently amended) A method, comprising: 

identifying a set of virtual private network (VPN) customers, at least one mobile 
access point (MAP) and at least one customer premise equipment (CPE) associated with 
each VPN customer, and at least one [[IP]] Internet Protocol (IP) service gateway (IPSG) 
for facilitating VPN tunneling between a MAP and a CPE, wherein each MAP is 
geographically remote from each IPSG; and 

selecting a subset of IPSGs to maximize total profit resulting from provisioning a 
subset of VPN customers on the selected IPSGs, wherein said total profit from all the 
customers comprises the sum of profits from each customer (/), where for each customer 
profit ([/) equals weighted revenue (J V 1 ) less cost (C l ), (lf=Y V*-C l ), wherein said cost 
per customer comprises a total tunnel bandwidth cost (C 7 c) from said MAP to said CPE, 
and a cost (CV) of provisioning an IPSG node. 

2. (original) The method of claim 1, wherein r represents relative weight of 
revenue compared to total cost for customer /. 

3. (original) The method of claim 1, wherein said total tunnel bandwidth cost 
comprises a dynamic tunnel bandwidth cost between said MAP and said provisioned 
IPSG, and a static tunnel bandwidth cost between said provisioned IPSG and said CPE. 

4. (original) The method of claim 1, wherein only a single tunnel is established 
between said provisioned IPSG and said CPE, even during instances where traffic from 
multiple MAPs are going through said provisioned IPSG to reach said CPE. 
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5. (original) The method of claim 1, wherein in an instance said provisioned IPSG 
sends traffic to more than one CPE, said provision cost is counted only once. 



6. (original) The method of claim 1, wherein said cost per customer / is determined 

f \ 
by C l = ^c l ij + j8 ^d l jk + v^fjy 1 J > where c l y is a bandwidth cost associated 

^iePJeQ jeQ,k<=R t J j^Q 

with sending traffic from a MAP node / to an IPSG node j\ d/#is a bandwidth cost 
associated with sending traffic from said IPSG node j to said CPE node £, jB represents a 
weighing factor with respect to said shared static tunnel, fj is a provisioning cost 
associated with using said IPSG node j , y l j is a binary variable denoting whether said 
IPSG j is provisioned for a provisioned customer to send traffic to at least one of its 
CPEs, and a is a weighing factor for provision cost over total bandwidth cost. 

7. (original) The method of claim 6, wherein said bandwidth cost (c l ij) associated 
with sending traffic from a MAP node i to an IPSG node j comprises the product of unit 
bandwidth cost (%) between said MAP node i and said IPSG node j 9 and a sum of traffic 



IPSG node /. 



from MAP node i to said CPE node k that is directed through 



8. (original) The method of claim 6, wherein said bandwidth cost (dy*) associated 
with sending traffic from an IPSG node j to a CPE node k comprises the product of unit 
bandwidth cost (e l jk) between said IPSG node j and said CPE node £, and a total amount 

of traffic ^s'ijk , V/ g Q, V& e R l from MAP node i to said CPE node k that is directed 
W ^ J 

through IPSG node J. 
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9. (original) The method of claim 6, wherein said total amount of traffic 



from MAP node i to said IPSG node j is less than or equal to total bandwidth capacity 
(gtj) between said MAP node i and said IPSG node j. 



( \ 

10. (original) The method of claim 6, wherein said total amount of traffic ^s l yk 

\ieP J 

from said IPSG node j to said CPE node k is less than or equal to total bandwidth capacity 
(h l jk) between said IPSG node j and said CPE node k. 

1 1 . (currently amended) A virtual private network (VPN) system architecture, 
comprising: 

means for identifying a set of virtual private network (VPN) customers, at least 
one mobile access point (MAP) and at least one customer premise equipment (CPE) 
associated with each VPN customer, and at least one [[IP]] Internet Protocol (IP) service 
gateway (IPSG) for facilitating VPN tunneling between a MAP and a CPE, wherein each 
MAP is geographically remote from each IPSG; and 

means for selecting a subset of IPSGs to maximize total profit resulting from 
provisioning a subset of VPN customers on the selected IPSGs, wherein said total profit 
from all the customers comprises the sum of profits from each customer (/), where for 
each customer profit ([/) equals weighted revenue (J V 1 ) less cost (C\ (lf= r V*-d), 
wherein said cost per customer comprises a total tunnel bandwidth cost (Cc) from said 
MAP to said CPE, and a cost (CV) of provisioning an IPSG node. 

1 2. (currently amended) The method system architecture of claim 1 1 , wherein 7 
represents relative weight of revenue compared to total cost for customer /. 

13. (currently amended) The m e thod system architecture of claim 1 1 , wherein said 
total tunnel bandwidth cost comprises a dynamic tunnel bandwidth cost between said 
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MAP and said provisioned IPSG, and a static tunnel bandwidth cost between said 
provisioned IPSG and said CPE. 

14. (currently amended) The m e thod system architecture of claim 11, wherein only a 
single tunnel is established between said provisioned IPSG and said CPE, even during 
instances where traffic from multiple MAPs are going through said provisioned IPSG to 
reach said CPE. 



15. (currently amended) The m e thod system architecture of claim 11, wherein in an 
instance said provisioned IPSG sends traffic to more than one CPE, said provision cost is 
counted only once. 



16. (currently amended) The method system architecture of claim 1 1 , wherein said 

( \ 
cost per customer / is determined by C l = ^c l ij + J3 ^d l jk + oc^fjy 1 j ? where c l y 

is a bandwidth cost associated with sending traffic from a MAP node / to an IPSG node j 9 
djkis a bandwidth cost associated with sending traffic from said IPSG node j to said CPE 
node k, J3 represents a weighing factor with respect to said shared static tunnel, fj is a 
provisioning cost associated with using said IPSG node, y l j is a binary variable denoting 
whether said IPSG j is provisioned for a provisioned customer to send traffic to at least 
one of its CPEs, and a is a weighing factor for provision cost over total bandwidth cost. 

17. (currently amended) The method system architecture of claim 16, wherein said 
bandwidth cost (c l t j) associated with sending traffic from a MAP node i to an IPSG node j 
comprises the product of unit bandwidth cost (ay) between said MAP node i and said 

f 

IPSG node j, and a sum of traffic ^Viy* , V/ e P 9 V/ e Q 
node k that is directed through IPSG node j. 



from MAP node i to said CPE 
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1 8. (currently amended) The method system architecture of claim 1 6, wherein said 
bandwidth cost (ctjk) associated with sending traffic from an IPS G node j to a CPE node k 
comprises the product of unit bandwidth cost (e l jk) between said IPSG node j and said 

CPE node k, and a total amount of traffic ^ s'p , Vy <= Q, \fk e R t from MAP node i to 
said CPE node k that is directed through IPSG node y . 



1 9. (currently amended) The method system architecture of claim 1 6, wherein said 

f \ 

^s l ijk from MAP node i to said IPSG node j is less than or 



total amount of traffic 



equal to total bandwidth capacity (gy) between said MAP node / to said IPSG node y\ 

20. (currently amended) The m e thod system architecture of claim 16, wherein said 

( \ 

total amount of traffic from said IPSG node j to said CPE node k is less than or 

J 

equal to total bandwidth capacity (h l jk) between said IPSG node j and said CPE node k. 

21. (original) The system architecture of claim 11, wherein said MAPs provide 
dynamic switching and routing of data connections, while said IPSGs provide VPN 
services. 



22. (currently amended) A computer readable medium for storing instructions that, 
when executed by a processor, perform a method for optimally provisioning connectivity 
for network-based mobile virtual private network (VPN) services, comprising 
comprising: 

identifying a set of virtual private network (VPN) customers, at least one mobile 
access point (MAP) and at least one customer premise equipment (CPE) associated with 
each VPN customer, and at least one [[IP]] Internet Protocol (IP) service gateway (IPSG) 
for facilitating VPN tunneling between a MAP and a CPE, wherein each said MAP is 
geographically remote from each said IPSG; and 
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selecting a subset of IPSGs to maximize total profit resulting from provisioning a 
subset of VPN customers on the selected IPSGs, wherein said total profit from all the 
customers comprises the sum of profits from each customer (/), where for each customer 
profit (if) equals weighted revenue (J V 1 ) less cost (Cf) (lf=Y V*-C\ wherein said cost 
per customer comprises a total tunnel bandwidth cost (C c) from said MAP to said CPE, 
and a cost (CV) of provisioning an IPSG node. 
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